|
| 1 | +on: |
| 2 | + push: |
| 3 | + branches: |
| 4 | + - main |
| 5 | + - master |
| 6 | + tags: |
| 7 | + - 'v*' |
| 8 | + |
| 9 | +name: Publish Wasm module |
| 10 | + |
| 11 | +jobs: |
| 12 | + test: |
| 13 | + name: Test Suite |
| 14 | + runs-on: ubuntu-latest |
| 15 | + steps: |
| 16 | + - uses: actions/checkout@v2 |
| 17 | + - uses: actions-rs/toolchain@v1 |
| 18 | + with: |
| 19 | + profile: minimal |
| 20 | + toolchain: stable |
| 21 | + override: true |
| 22 | + - uses: actions-rs/cargo@v1 |
| 23 | + with: |
| 24 | + command: test |
| 25 | + |
| 26 | + build: |
| 27 | + name: Build and publish policy |
| 28 | + runs-on: ubuntu-latest |
| 29 | + needs: test |
| 30 | + env: |
| 31 | + WASM_BINARY_NAME: seccomp_psp_policy |
| 32 | + OCI_TARGET: ghcr.io/${{ github.repository_owner }}/policies/seccomp-psp |
| 33 | + METADATA_FILE: metadata.yml |
| 34 | + KWCTL_VERSION: v0.1.9 |
| 35 | + steps: |
| 36 | + - |
| 37 | + name: Checkout code |
| 38 | + uses: actions/checkout@v2 |
| 39 | + - |
| 40 | + name: Prepare Rust environment |
| 41 | + uses: actions-rs/toolchain@v1 |
| 42 | + with: |
| 43 | + profile: minimal |
| 44 | + toolchain: stable |
| 45 | + target: wasm32-unknown-unknown |
| 46 | + - |
| 47 | + name: Download kwctl |
| 48 | + run: | |
| 49 | + curl -L https://github.com/kubewarden/kwctl/releases/download/${{env.KWCTL_VERSION}}/kwctl-linux-amd64.zip -o kwctl.zip |
| 50 | + unzip kwctl.zip |
| 51 | + chmod 755 kwctl |
| 52 | + - |
| 53 | + name: Build Wasm module |
| 54 | + uses: actions-rs/cargo@v1 |
| 55 | + with: |
| 56 | + command: build |
| 57 | + args: --target=wasm32-unknown-unknown --release |
| 58 | + - |
| 59 | + name: Annotate Wasm module |
| 60 | + run: | |
| 61 | + ./kwctl annotate -m ${{ env.METADATA_FILE }} -o policy-annotated.wasm target/wasm32-unknown-unknown/release/${WASM_BINARY_NAME}.wasm |
| 62 | +
|
| 63 | + - |
| 64 | + name: Login to GitHub Container Registry |
| 65 | + uses: docker/login-action@v1 |
| 66 | + with: |
| 67 | + registry: ghcr.io |
| 68 | + username: ${{ github.repository_owner }} |
| 69 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 70 | + - |
| 71 | + name: Publish Wasm policy artifact to OCI registry with the 'latest' tag |
| 72 | + if: ${{ startsWith(github.ref, 'refs/heads/') }} |
| 73 | + run: | |
| 74 | + ./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:latest |
| 75 | + - |
| 76 | + name: Publish Wasm policy artifact to OCI registry with the version tag and 'latest' |
| 77 | + if: ${{ startsWith(github.ref, 'refs/tags/') }} |
| 78 | + run: | |
| 79 | + export OCI_TAG=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") |
| 80 | + ./kwctl push policy-annotated.wasm ${{ env.OCI_TARGET }}:${OCI_TAG} |
| 81 | + - |
| 82 | + name: Create Release |
| 83 | + if: ${{ startsWith(github.ref, 'refs/tags/') }} |
| 84 | + id: create_release |
| 85 | + uses: actions/create-release@v1 |
| 86 | + env: |
| 87 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 88 | + with: |
| 89 | + tag_name: ${{ github.ref }} |
| 90 | + release_name: Release ${{ github.ref }} |
| 91 | + draft: false |
| 92 | + prerelease: false |
| 93 | + - |
| 94 | + name: Upload Release Asset |
| 95 | + if: ${{ startsWith(github.ref, 'refs/tags/') }} |
| 96 | + id: upload-release-asset |
| 97 | + uses: actions/upload-release-asset@v1 |
| 98 | + env: |
| 99 | + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 100 | + with: |
| 101 | + upload_url: ${{ steps.create_release.outputs.upload_url }} |
| 102 | + asset_path: policy-annotated.wasm |
| 103 | + asset_name: policy.wasm |
| 104 | + asset_content_type: application/wasm |
| 105 | + - |
| 106 | + name: Notify policy-hub |
| 107 | + if: ${{ startsWith(github.ref, 'refs/tags/') }} |
| 108 | + uses: kubewarden/notify-policy-hub@main |
| 109 | + with: |
| 110 | + USERNAME: chimera-kube-bot |
| 111 | + PAT: ${{ secrets.WORKFLOW_PAT }} |
0 commit comments